Problem

To prevent unauthorized copying and use of 
music or other digital content and distribute securely. 



Means to solve 

A management center 11 supplies a master
public key KPUk to a content maker, and supplies a
master private key KPRk to an LSI maker 15. Content
maker 13 records data encrypted by generating a
content encryption key Kco according to the content,
data in which content encryption key Kco is encrypted
using master public key KPUk, and a certificate DV
from management center 11 on a recording medium 21.
LSI maker 15 includes master private key KPRk for
decoding the encrypted content encryption key in a
decoding LSI. The decoder decodes the content
encryption key using master private key KPRk and
decodes the content using the decoding LSI, when the
certificate DV and a signature DS on the mounted
recording medium 21 are both determined to be valid.
Claims

1. A method to distribute digital content using a distribution system provided with a
management center that manages the distribution of the digital content, a content maker that 
encrypts and distributes the digital content under the management of the aforementioned 
management center, and a decoding means providing means that provides a decoding means to 
decode and make usable the content provided by the aforementioned content maker, 

the digital content distribution method being characterized in that: 
the aforementioned content maker records content encrypted with a content encryption 
key, and an encrypted content encryption key on a recording medium and distributes the same, 
the aforementioned management center provides decoding information for decoding the 
encrypted content encryption key to the decoding means providing means, 
the aforementioned decoding means providing means includes decoding information for 
decoding the aforementioned encrypted content encryption key in the aforementioned decoding 
means, 

and the aforementioned decoding means decodes the aforementioned decoding 
information using the content encryption key recorded on the aforementioned recording medium, 
and decodes and reproduces the content with the decoded encryption key. 

2. The digital content distribution method described in Claim 1, characterized by the fact that:

the aforementioned content maker generates the content encryption key according to the 
content and encrypts the content, encrypts the generated content encryption key with a master 
public key supplied from the management center, creates its own signature using a content maker 
private key for signatures supplied from the management center, and stores the encrypted content, 
the encrypted content encryption key, the signature and a certificate supplied from the 
management center on a recording medium, 

the aforementioned decoding means providing means includes a master private key for 
decoding the encrypted content encryption key and a center private key for signatures for 
authenticating the certificate in the aforementioned decoding means, 

the aforementioned decoding means obtains the content maker public key for signatures 
for the content maker by authenticating the certificate using the center public key for signatures 
and authenticates the signature with that, and decodes the encrypted content encryption key with 
the aforementioned master private key and decodes the content with the decoded content 
encryption key, when the certificate and the signature are both determined to be valid, 

the aforementioned management center supplies the master public key, and a certificate 
that includes information in which the content maker public key for signatures for the content 
maker is encrypted with the center private key for signatures, to the content maker, and supplies
the master private key and the center private key for signatures to the aforementioned decoding
means providing means. 

3. The digital content distribution method described in Claim 1, characterized by the fact that:

the aforementioned content maker generates a content encryption key according to the 
content and encrypts the content, supplies the generated content encryption key to the 
management center, creates its own signature using a content maker private key for signatures 
supplied from the management center, and records the content encryption key encrypted with the 
master encryption key supplied from the management center, the signature, and a certificate 
supplied from the management center on a recording medium, 

the aforementioned decoding means providing means includes a master encryption key, 
and a center public key for signatures for authenticating the certificate in the aforementioned 
decoding means, 

the aforementioned decoding means obtains the content maker public key for signatures 
for the content maker by authenticating the certificate using the center management key for 
signatures and authenticates the signature with that, and decodes the encrypted content 
encryption key with the aforementioned master encryption key and decodes the content with the 
decoded content encryption key, when it is determined that the certificate and the signature are 
both valid, 

and the aforementioned management center supplies the certificate that includes 
information in which the content maker public key for signatures for the content maker is 
encrypted with the center private key for signatures, and data in which the content encryption 
key supplied from the content maker is encrypted with the master encryption key to the content 
maker, and supplies the master encryption key and the center public key for signatures to the 
aforementioned decoding means providing means. 

4. The digital content distribution method described in Claim 1, 2 or 3, characterized by 
the fact that: 

the aforementioned decoding means 

is provided with at least an LSI (large scale integrated circuit) that stores information for 
decoding the aforementioned encrypted content encryption key, decodes the content encryption 
key using this information, and decodes the encrypted content using the decoded content 
encryption key, 

or with software that includes information for decoding the aforementioned encrypted 
content encryption key, decodes the content encryption key with the information, and decodes 
the encrypted content using the decoded content encryption key.

5. The digital content distribution method described in Claim 1, 2, 3 or 4, characterized
by the fact that: 

the aforementioned content maker 

records on the aforementioned recording medium a part of each content [unit] with plain 
text, and records at least another part encrypted with the aforementioned content encryption key. 

6. A digital recording medium, which is a recording medium on which multiple digital 
content [units] are recorded, and which is characterized by the fact that: 

for each digital content [unit], 

digital content, at least a part of which is encrypted with a first encryption key according 
to the content, 

the aforementioned first encryption key that is encrypted with a second encryption key, 

a digital signature generated using a manufacturer's private key, 

and a certificate for a prescribed relationship that includes a public key for the
manufacturer in order to authenticate the aforementioned manufacturer's digital signature are
recorded.

7. The digital content recording medium described in Claim 6, characterized by the fact 
that for each digital content [unit], at least a part is recorded on the recording medium with plain 
text, and at least another part is encrypted with the first encryption key. 

Detailed explanation of the invention 
[0001] 

Technical field of the invention 

This invention relates to a digital content distribution method and to digital content with 
which it is possible to achieve a balance between the protection and use of content that is 
protected by copyrights, etc. 

[0002] 
Prior art 

It is becoming possible for various types of content to be processed, edited and copied 
due to advances in digital image processing technology. When content processing, editing and 
copying are haphazardly allowed, however, copyrights and portrait rights may not be protected, 
and benefits to the rights holder may be diminished. On the other hand, when use of the content 
is too restricted, the content becomes unusable.

[0003]

To satisfy these requirements, digital watermarks and other technologies have been 
proposed, but data processing is complicated, and a complicated system is required. For this 
reason, these are not considered to be systems that can be used easily from the standpoint of a 
user who is unfamiliar with digital processing technology. 

[0004] 

Problems to be solved by the invention 

This invention was devised in consideration of the aforementioned situation, and has the 
objective of achieving balance between the use and protection of digital content. 

[0005] 

Means to solve the problems 

In order to accomplish the aforementioned objective, the digital content distribution 
method pertaining to a first viewpoint of this invention is a method to distribute digital content 
using a distribution system provided with a management center (11) that manages the 
distribution of the digital content, a content maker (13) that encrypts the digital content and 
distributes it under the management of aforementioned management center (11), and decoding 
means providing means (15, 17) that provide decoding means that can decode and use the 
content provided by aforementioned content maker (13), and is characterized by the [following] 
facts. Aforementioned content maker (13) encrypts content with a content encryption key (Kco) 
generated according to the content. Aforementioned management center (11) provides 
information (KPUk; Kk) for recording the encrypted content encryption key (KPUk (Kco); Kk 
(Kco)) on a recording medium (21) to content maker (13). Aforementioned content maker (13) 
distributes content (DC) encrypted with content encryption key (Kco) and the encrypted content 
encryption keys (KPUk (Kco); Kk (Kco)) recorded on recording medium (21). Aforementioned 
management center (11) provides decoding information (KPRk; Kk) for decoding encrypted 
content encryption keys (KPUk (Kco); Kk (Kco)) to decoding means providing means (15). 
Aforementioned decoding means providing means (15) includes decoding information (KPRk; 
Kk) for decoding the aforementioned encrypted content encryption keys in the aforementioned 
decoding means (LSI etc.). Aforementioned decoding means (LSI etc.) decodes content 
encryption key (Kco) recorded on aforementioned recording medium (21) using aforementioned 
decoding information (KPRk; Kk), and decodes and reproduces the content with decoded 
encryption key (Kco).

[0006]

With this method, the digital content is distributed in an encrypted state to prevent 
unauthorized use, and in addition, it can be reproduced. The reliability and security of the keys 
are high, since they are managed by a third party, primarily the management center. In addition, 
the encryption keys differ according to the content, so even if a specific encryption key is broken, 
the entire recording medium will not be affected, which is secure. 

[0007] 

When a public key scheme is used as the encryption scheme, the following configuration 
is effective. First, the aforementioned content maker generates a content encryption key 
according to the content and encrypts the content, encrypts the generated content encryption key 
with a master public key (KPUk) supplied from the management center, generates its own 
signature using a content maker private key (KPRm) for signatures supplied from management 
center (11), and stores the encrypted content, encrypted content encryption key (KPUk (Kco)),
signature (DS) and a certificate (DV) supplied from management center (11) on recording
medium (21). Aforementioned decoding means supplying means (15) includes a master private 
key (KPRk) for decoding encrypted content encryption key (KPUk (Kco)) and a center public 
key (KPUce) for signatures for authenticating certificate (DV) in aforementioned decoding 
means (LSI). Aforementioned decoding means (LSI) obtains a content maker public key (KPUm) 
for signatures for content maker (13) by authenticating certificate (DV) using center public key 
(KPUce) for signatures and authenticates signature (DS) with it, and decodes encrypted content 
encryption key (KPUk (Kco)) with aforementioned master private key (KPRk) and decodes the 
content with decoded content encryption key (Kco), when it is determined that certificate (DV) 
and signature (DS) are both valid. Aforementioned management center (11) supplies master 
public key (KPUk) and certificate (DV) that includes information (KPRce (KPUm)) in which
content maker public key (KPUm) for signatures for the content maker is encrypted with center 
private key (KPRce) for signatures to the content maker, and supplies master private key (KPRk) 
and center public key (KPUce) for signatures to aforementioned decoding means providing 
means (15). With this method, the key for encrypting the content encryption keys and the key for 
decoding are managed separately, so the method is more secure. In addition, the reliability is 
high due to the fact that a signature and a certificate are used. 
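
The order of checks described in [0007], as an added example that is not part of the patent text: the decoder authenticates DV with KPUce, recovers KPUm, authenticates DS, and only then uses KPRk to recover Kco. Textbook RSA over Mersenne primes, the SHA-256 keystream, the check tag inside DV, the fields covered by DS and all function names are assumptions made for illustration.

```python
# Added illustration of the public-key scheme in [0007]; not code from the patent.
# Textbook RSA over Mersenne primes and a SHA-256 keystream are stand-ins for the
# ciphers, which the page does not specify. Insecure by design: message flow only.
import hashlib
import secrets

E = 65537      # public exponent shared by every toy key pair (assumption)
TAG_LEN = 16   # redundancy appended inside DV so a forged certificate is detectable


def make_keypair(a, b):
    """Toy RSA pair (public, private) built from the Mersenne primes 2^a-1 and 2^b-1."""
    p, q = 2**a - 1, 2**b - 1
    return (p * q, E), (p * q, pow(E, -1, (p - 1) * (q - 1)))


def rsa(key, value):
    """Raw modular exponentiation with one half of a key pair."""
    n, exponent = key
    if not 0 <= value < n:
        raise ValueError("value does not fit the modulus")
    return pow(value, exponent, n)


def int_bytes(x):
    return x.to_bytes((x.bit_length() + 7) // 8, "big")


def digest(*parts):
    """SHA-256 over length-prefixed fields, returned as an integer."""
    h = hashlib.sha256()
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return int.from_bytes(h.digest(), "big")


def content_cipher(kco, data):
    """Toy symmetric cipher: XOR with SHA-256(Kco || offset) blocks (self-inverse)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(kco + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], pad))
    return bytes(out)


def issue_certificate(kpr_ce, kpu_m):
    """Management center: DV = KPRce(KPUm), here the maker modulus plus a check tag."""
    body = int_bytes(kpu_m[0])
    tag = hashlib.sha256(body).digest()[:TAG_LEN]
    return rsa(kpr_ce, int.from_bytes(body + tag, "big"))


def package(content, kpu_k, kpr_m, dv):
    """Content maker: build what is recorded on the medium."""
    kco = secrets.token_bytes(16)                     # fresh Kco per content unit
    dc = content_cipher(kco, content)                 # DC = Kco(content)
    wrapped = rsa(kpu_k, int.from_bytes(kco, "big"))  # KPUk(Kco)
    ds = rsa(kpr_m, digest(dc, int_bytes(wrapped)))   # DS over DC and the wrapped key
    return {"DC": dc, "KPUk(Kco)": wrapped, "DS": ds, "DV": dv}


def decode(medium, kpu_ce, kpr_k):
    """Decoding LSI: holds only KPUce and KPRk, and touches KPRk last."""
    # 1. Authenticate DV with KPUce and recover the maker's KPUm from it.
    raw = int_bytes(rsa(kpu_ce, medium["DV"]))
    body, tag = raw[:-TAG_LEN], raw[-TAG_LEN:]
    if hashlib.sha256(body).digest()[:TAG_LEN] != tag:
        raise ValueError("certificate DV rejected")
    kpu_m = (int.from_bytes(body, "big"), E)
    # 2. Authenticate DS with the recovered KPUm.
    expected = digest(medium["DC"], int_bytes(medium["KPUk(Kco)"]))
    if rsa(kpu_m, medium["DS"]) != expected:
        raise ValueError("signature DS rejected")
    # 3. Only now unwrap Kco with KPRk and decrypt the content.
    kco = rsa(kpr_k, medium["KPUk(Kco)"]).to_bytes(16, "big")
    return content_cipher(kco, medium["DC"])


# Constructed key material for the run below (toy sizes, fixed primes).
KPU_CE, KPR_CE = make_keypair(607, 1279)   # center keys for signatures
KPU_M, KPR_M = make_keypair(127, 521)      # content maker keys for signatures
KPU_K, KPR_K = make_keypair(89, 107)       # master keys that wrap Kco
DV = issue_certificate(KPR_CE, KPU_M)


def try_decode(medium):
    """Return the plaintext, or the rejection reason as a string."""
    try:
        return decode(medium, KPU_CE, KPR_K)
    except ValueError as err:
        return str(err)


if __name__ == "__main__":
    medium = package(b"constructed sample audio frames", KPU_K, KPR_M, DV)
    print(try_decode(medium))
    print(try_decode({**medium, "DC": bytes([medium["DC"][0] ^ 1]) + medium["DC"][1:]}))
```

The per-content key Kco limits what one broken content key exposes, but KPRk is the same value in every decoder that plays this maker's media, so the protection rests on that key staying inside the decoding LSI.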

[0008] 

When a secret key scheme is used as the encryption scheme, the following configuration 
is effective. Aforementioned content maker (13) generates a content encryption key (Kco) 
according to the content and encrypts the content, supplies generated content encryption key
(Kco) to management center (11), creates its own signature (DV) [sic; (DS)] using a content
maker private key (KPRm) for signatures supplied from management center (11), and records the 
encrypted content (DC), a content encryption key (Kk (Kco)) encrypted with a master encryption 
key (Kk) supplied from management center (11), signature (DV) [sic; (DS)] and a certificate 
(DV) supplied from the management center on recording medium (21). Aforementioned 
decoding means providing means (15) includes master encryption key (Kk) and a center public
key (KPRce) for signatures for authenticating certificate (DV) in aforementioned decoding 
means (LSI). Aforementioned decoding means (LSI) obtains a content maker public key (KPUm) 
for signatures for the content maker by authenticating certificate (DV) using center public key 
(KPRce) for signatures and authenticates signature (DS) with that, and decodes encrypted 
content encryption key (Kk (Kco)) with aforementioned master encryption key (Kk) and decodes 
the content with decoded content encryption key (Kco), when it is determined that certificate 
(DV) and signature (DS) are both valid. Aforementioned management center (11) supplies 
certificate (DV) that includes information (KPRce (KPUm)) in which content master public key 
(KPUm) for signatures for content maker (13) is encrypted with center private key (KPRce) for 
signatures, and data in which content encryption key (Kco) supplied from content maker (13) is 
encrypted with master encryption key (Kk) to content maker (13), and supplies master 
encryption key (Kk) and center public key (KPUce) for signatures to aforementioned decoding 
means providing means (15). 

[0009] 

With this method, the key for encrypting the content encryption keys and the key for 
decoding are the same, and processing when decoding (reproducing) can be accomplished 
quickly, which is particularly useful for applications where real time characteristics are required. 
In addition, processing to encrypt the content encryption keys is performed by the center, so the 
reliability is very high while a secret key scheme is used. Additionally, the reliability is high due 
to the fact that a signature and a certificate are used. 

[0010] 

The aforementioned decoding means could be an LSI that stores information (KPRk, Kk) 
for decoding aforementioned encrypted content encryption key (Kco), decodes content 
encryption key (Kco) with this information, and decodes the encrypted content using decoded 
content encryption key (Kco), or it could be software that includes information for decoding the 
aforementioned encrypted content encryption key, decoding content encryption key (Kco) with 
this information, and decoding the encrypted content using decoded content encryption key 
(Kco).

[0011]

The aforementioned content maker could also record a part of each content [unit] with 
plain text, and record at least another part encrypted with aforementioned content encryption key 
(Kco) on the aforementioned recording medium. If so, opening a part of a song, the intro for 
example, to identify the song, the allowance of commercial use, and other actions can easily be 
accomplished. 

[0012] 

In order to accomplish the aforementioned objective, a recording medium on which 
multiple digital content [units] are recorded and that pertains to a second viewpoint of this 
invention is characterized by the fact that, for each content [unit], digital content, at least a part 
of which is encrypted with a first encryption key (Kco) according to the content, aforementioned 
first encryption key (Kco) that is encrypted with a second encryption key (KPUk; Kk), a digital 
signature (DS) generated using the manufacturer's private key, and a certificate (DV) for a 
prescribed relationship that includes the manufacturer's public key (KPUm) for authenticating 
the aforementioned manufacturer's digital signature are recorded. 

[0013] 

With this configuration, anyone other than someone who has information to verify the 
certificate and information to decode the first key, that is, anyone who does not have an 
authorized right, is unable to verify the authenticity of the prescribed relationship, as well as 
verify the manufacturer's signature from the verification result and then decode the content. 
Therefore, it is possible for digital data to be distributed securely on the market. 

[0014] 

For each digital content [unit], a part could be recorded in plain text, and at least another 
part could be encrypted with the first encryption key. 

[0015] 

Embodiments of the invention 

The content distribution system and method pertaining to an embodiment of this 
invention will be explained using a case in which audio data (music data) are distributed as an
example.



First embodiment 

The content distribution system in this embodiment, as shown in Figure 1, includes a 
management center 11, a content maker 13, an LSI (large scale integrated circuit) maker 15, an
audio maker (audio device maker) 17, and a user 19. 

[0016] 

Management center 11 has encryption technology and sets the encrypted file format
according to the properties of the content to be encrypted and customer requirements, while also
generating various types of encryption keys, which are supplied to content maker 13 and LSI
maker 15. Management center 11 records and manages encrypted file formats and encryption
keys according to the customer or contract using a database 11A. The encryption keys generated
by management center 11 will be collectively explained referring to Figure 2.

[0017] 

Content maker 13 generates an encryption key for each content [unit] and encrypts the 
content (here, music data) based on usage permission for the encrypted file formats from 
management center 11, and saves them on a recording medium (a flash memory, for example),
which is sold. 

[0018] 

LSI maker 15 designs, manufactures and sells a decoding LSI to decode the encrypted
content in accordance with the encryption file format set by management center 11 and the
provided encryption key, using an ASIC (integrated circuit for specific applications), based on
usage permission for the encrypted file format from management center 11.

[0019] 

The decoding LSI is sold to audio maker 17. Audio maker 17 incorporates the decoding 
LSI, based on the usage permission for the encrypted file format from management center 11,
decodes the content data recorded on the medium provided by content maker 13, and 
manufactures and sells the reproducing device (audio device). 

[0020] 

Management center 11 is operated using compensation from content maker 13, LSI
maker 15 and audio maker 17 as all or a part of the operating funds. 



[0021] 

User 19 purchases an audio device provided by audio maker 17 and a recording medium 
on which are stored music data provided by content maker 13, and mounts the recording medium 
in the audio device to reproduce the music data. The music data reproduced from the recording 
medium are encrypted data, and they are decoded by the decoding LSI and reproduced as music. 

[0022] 

Next, each of the encryption keys used with this distribution system will be explained 
referring to Figure 2. Content key Kco is an encryption key generated by content maker 13 
generating a random number for each content [unit], and the content maker uses it for encrypting 
the content to be distributed. 

[0023] 

Master public key KPUk is an encryption key generated and supplied by management 
center 11 for each content maker (can also be for each content [unit], etc.), and is used by content
maker 13 to which it is supplied to encrypt content key Kco. 

[0024] 

Master private key KPRk is an encryption key generated by management center 11 and
paired with master public key KPUk, and is supplied to each LSI maker 15. It is stored in the 
decoding LSI or in decoding software, and is used for decoding content key Kco that has been 
encrypted with master public key KPUk. 

[0025] 

Content maker private key KPRm for signatures is an encryption key generated and 
provided by management center 11 for each content maker. It is used for the content maker to
sign each content [unit].

[0026] 

Content maker public key KPUm for signatures is generated by management center 11
and paired with content maker private key KPRm for signatures. It is used while included in a
certificate issued by management center 11 in order to authenticate the content maker signature.

[0027]

Center private key KPRce for signatures is generated independently by management 
center 11, and is used to encrypt content maker public key KPUm for signatures for each content
maker and generate a "content maker key certificate." 

[0028] 

Center public key KPUce for signatures is a key generated by management center 11 and
paired with center private key KPRce for signatures. It is stored in the decoding LSI and is used
to authenticate the signature of management center 11 within the "content maker key certificate."

[0029] 

Next, the music data provided by content maker 13 will be explained. An example of the 
music data stored on recording medium 21 is shown in Figure 3. At the beginning position on 
each medium, the medium's identification code, an identification code for content maker 13, the 
medium type, TOC (TABLE OF CONTENTS) information, control information DZ, such as 
copyright information, and data for N songs' worth of music are recorded. 

[0030] 

The data for each song are configured from an identification code DI, plain text data DP, 
encrypted data DC, encrypted content key DK, content maker signature DS, and certificate DV. 

[0031] 

Identification code DI consists of non-encrypted plain text data that indicate the name, 
song code, performance time, etc. of each song. 

[0032] 

Plain text data DP consist of non-encrypted plain text data for a prescribed time (around 
10 sec, for example) in the first half of the song data. 

[0033] 

Encrypted data DC are data generated by encrypting the last half portion of the song data 
with content key Kco for the content. 

[0034] 

Encrypted content key DK consists of data KPUk (Kco) obtained by encrypting content 
key Kco with master public key KPUk. 

[0035]

Content maker signature DS consists of data KPRm (H (DI; DP; DC; DK)) obtained by 
converting identification code DI, plain text data DP, encrypted data DC, and encrypted content 
key DK with a hash function or another one-way function H() and encrypting this with content 
maker private key KPRm. 

[0036] 

Key certificate DV includes content maker public key KPUm for signatures, and data 
KPRce (KPUm) obtained by encrypting content maker public key KPUm for signatures with 
center private key KPRce for signatures, and is for the purpose of management center 11
certifying that the key used by the content maker for the signature is valid. 

[0037] 

Next, the decoding LSI will be explained. Decoding LSI 31, as shown in Figure 4, is
provided with a driver 33, a signature verification unit 34, a CPU reset unit 35, a decoding 
unit 36, a storage unit 37, and a control unit 38. 

[0038] 

Driver 33 successively reads the recorded data on recording medium 21. Signature 
verification unit 34 determines whether certificate DV and signature DS have been attached to 
the content to be decoded, and authenticates certificate DV and signature DS when it is 
determined that they are attached.

[0039] 

Specifically, signature verification unit 34 decodes portion KPRce (KPUm) that is 
encrypted within certificate DV read by driver 33 using center public key KPUce for signatures 
from management center 11 stored in storage unit 37, and obtains content maker public key
KPUm for signatures. Signature verification unit 34 compares decoded content maker public key 
KPUm for signatures and the plain-text content maker public key KPUm for signatures and 
determines whether they match. 

[0040] 

When it is determined that they match, content maker signature DS is authenticated using
content maker public key KPUm for signatures. Specifically, it is determined whether signature
DS decoded using content maker public key KPUm for signatures matches identification code DI,
plain text data DP, encrypted data DC and encrypted content key DK converted with a prescribed
one-way function H(). When signature verification unit 34 determines that they match,
encrypted content key DK (= KPUk (Kco)) is decoded using master private key KPRk, and
content key Kco is reproduced.

[0041] 

CPU reset unit 35 resets CPU 45 of the device in which decoding LSI 31 is incorporated 
(reproducing device) to prohibit data reproduction when signature verification unit 34 cannot 
detect a signature or certificate (no signature or certificate is present) and when authentication 
cannot be certified (present, but cannot be certified). The reproduction operation is canceled by 
this. 

[0042] 

Decoding unit 36 is the portion that decodes the data read by driver 33 when signature 
verification unit 34 certifies the signature, and reproduces the plain text data without changes and 
decodes music data DD for the encrypted data using content key Kco decoded by signature 
verification unit 34. Storage unit 37 stores center public key KPUce for signatures for 
management center 11 and a master private key KPRk for each content maker 13.

[0043] 

In order for the system to be operated effectively, it is necessary for keys KPUce and 
KPRk stored by storage unit 37 to be kept strictly secret. For this reason, storage unit 37 is 
connected to the signature verification unit using an internal bus that is different from the other 
common buses so as not to be directly accessible from outside decoding LSI 31. Data for the
keys are also not output unchanged to the outside. 

[0044] 

Control unit 38 controls the operation of each unit in decoding LSI 31. 

[0045] 

Next, the configuration of the audio device that uses decoding LSI 31 will be explained. 
As shown in Figure 4, the audio device is configured with a connector 41 where the recording 
medium can be detachably mounted, aforementioned decoding LSI 31 that is connected to
recording medium 21 through connector 41, a D/A converter 42 that converts the music data
output from decoding LSI 31 to analog data, a speaker (including headphones, etc.) 43 that
produces sound from the analog signals output by D/A converter 42, an input unit 44, and a CPU
(control unit) 45 that controls all operations of the audio device. 

[0046] 

Recording medium 21 is detachably mounted in connector 41. D/A converter 42 converts 
the reproduced digital audio signal to an analog audio signal and outputs it. Speaker 43 produces 
sound from the analog audio signal. CPU 45 controls all operations of the system, including the 
reading and reproduction of data from recording medium 21, in accordance with input from input
unit 44. 

[0047] 

Next, a digital content distribution method that uses the distribution system will be 
explained. Content maker 13 that wants to manufacture recording media 21 on which music is 
recorded, and audio maker 17 that wants to manufacture audio devices to play the recording
media are registered at management center 11.

[0048] 

When use of the encrypted file format is permitted for a content maker 13, management 
center 11 permits use of the encrypted file format, provides the knowhow for this, and also
provides the paired master public key KPUk and private key KPRm for signatures. A certificate 
(KPUm: KPRce (KPUm)) comprising content maker public key KPUm for certification and data 
KPRce (KPUm) in which content maker public key KPUm for certification is encrypted using 
center private key KPRce for signatures is created and is sent to content maker 13. Content 
maker 13 pays a fixed royalty (compensation) to management center 11. 

[0049] 

When manufacture of a decoding LSI conforming to the encrypted file format is 
permitted for an LSI maker 15, management center 11 provides the permission and the knowhow,
and also notifies the master private key KPRk for each content maker and center public key
KPUce for its own signature. LSI maker 15 pays a fixed royalty to management center 11.

[0050] 

In addition, when use of the encrypted file format is permitted for an audio maker 17,
management center 11 gives permission to use the encrypted file format and also provides the
knowhow for it. Audio maker 17 pays a fixed royalty to management center 11.

[0051]

The operation of recording content to recording medium 21 by a content maker will be
explained below referring to the flow chart in Figure 5. First, content maker 13 generates a
random number for each content [unit], that is, each song, stored on the recording medium, for
example, and generates a content key Kco (step S1). Next, song identification code and control
code identification data DI are generated (step S2).

[0052] 

Additionally, a prescribed amount of the beginning portion DP of the songs to be 
recorded is left as plain text, and the remaining portion DC is encrypted with content key Kco 
(step S3). Content key Kco generated at step S1 is encrypted with master public key KPUk and
encrypted content key DK is generated (step S4). 

[0053] 

Additionally, all of the abovementioned data, that is, identification data DI, plain text 
data DP, encrypted data DC, and encrypted (that has been encrypted) content key KPUk (Kco) 
are converted using a hash function or another one-way function H(). The conversion result is 
additionally encrypted with content maker private key KPRm for signatures, and a content maker 
signature (= KPRm (H (DI; DP; DC; KPUk (Kco)))) is generated (step S5).

[0054] 

Certificate DV provided from management center 11 is additionally added to the data
above (step S6), and the data for 1 song are complete. The data for 1 song generated in this
way are combined by content maker 13 in N songs' worth as appropriate (step S7),
data for 1 recording medium are generated, they are recorded on recording medium 21 (step S8),
and [the medium] is distributed on the market (sold). Note that once the data to be recorded are
created in memory, processing is finished just by the data being recorded on the recording 
medium. 

[0055] 

At the same time, LSI maker 13 [sic; 15] that has received permission manufactures a 
decoding LSI 31 provided with driver 33, etc. in accordance with the provided format using 
ASIC technology, etc. In this instance, center public key KPUce for signatures for management 
center 11, and the pair of identification code and master private key KPRk for content maker 13
are recorded in storage unit 37. 



[0056] 

Audio maker 15 [sic; 17] that has received permission purchases decoding LSI 31 from 
LSI maker 15 and manufactures an audio device as shown in Figure 4. 

[0057] 

A user 19 who purchases an audio device from audio maker 17 and a recording medium
from content maker 13 mounts recording medium 21 in connector 41 of the audio device as 
shown in Figure 4. 

[0058] 

Next, content reproduction is performed with the steps shown in the flow chart in 
Figure 6. First, when reproduction is instructed and a song number is designated from input 
unit 44, CPU 45 controls driver 33 of decoding LSI 31 and data are read, the song's position and 
the content maker identification code are identified from control information DZ (step S11), and
all the data for the song are read from the relevant storage position (step S12).

[0059] 

Signature confirmation unit 34 determines whether certificate DV for management 
center 11 and signature DS for content maker 13 have been attached to the content to be decoded
(reproduced) (step S13). When it is determined that at least one has not been attached, CPU 45 is
reset through CPU reset unit 35 in order to prevent content reproduction (step S14). On the other
hand, when it is determined at step S13 that certificate DV and signature DS have been attached, 
certificate DV and signature DS are authenticated (steps S15-S21). 

[0060] 

Specifically, signature verification unit 34 decodes the portion KPRce (KPUm), in which
content maker public key KPUm for signatures is encrypted with center private key KPRce
for signatures, within certificate DV read by driver 33, with center public key KPUce for
signatures that is saved in storage unit 37 (step S15), and determines whether it matches the
content maker public key KPUm for signatures saved with plain text in certificate DV (step S16).
When it is determined that they do not match, certificate DV is invalid, and CPU 45 is reset
(step S14).

[0061]

On the other hand, when it is determined at step S16 that they do match, certificate DV is 
valid, and signature DS is authenticated using content maker public key KPUm for signatures 
included in certificate DV. 

[0062] 

First, the signature is decoded using content maker public key KPUm for signatures 
(step S17). Next, identification code DI, plain text data DP, encrypted data DC, and encrypted
content key DK are converted with prescribed hash function H() (step S18).

[0063] 

Next, whether the content decoded at step S17 and the data converted with hash function 
H() at step S18 match is determined (step S19). If they do not match, the signature is invalid, and
CPU 45 is reset (step S14).

[0064] 

When it is determined at step S19 that they do match, that is, that both certificate DV and 
signature DS are valid (the encryption key is correct), signature verification unit 34 decodes
encrypted content key DK (= KPUk (Kco)) using master private key KPRk for content maker 13
that was saved in storage unit 37, and content key Kco is reproduced (step S20). 

[0065] 

Signature verification unit 34 provides decoded content key Kco to decoding unit 36 and 
also outputs a decode instruction signal. 

[0066] 

Decoding unit 36 responds to the decode instruction signal, outputs the plain text data for 
each song read by driver 33 without change, and decodes encrypted portion DC using content 
key Kco and outputs it. The output data are converted to an analog signal by D/A converter 47, 
and sound is produced from speaker 48. 
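
The reproduction-side checks in steps S13 to S20, together with maker-side steps S4 to S6 that produce DK, DS and DV, as an added example that is not part of the original patent text. It uses textbook RSA over constructed toy keys (built from publicly known Mersenne primes, so trivially factorable) with SHA-256 standing in for H(); the names toy_keypair, make_song, lsi_recover_kco, outcome and Reset are assumptions, and DC is treated as opaque bytes.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key (assumption)

def toy_keypair(a, b):
    """Textbook RSA key from Mersenne primes 2**a-1 and 2**b-1.
    Constructed and trivially factorable: for illustration only."""
    p, q = 2**a - 1, 2**b - 1
    return p * q, pow(E, -1, (p - 1) * (q - 1))  # (modulus, private exponent)

N_CE, D_CE = toy_keypair(607, 1279)  # center:  KPUce / KPRce
N_M, D_M = toy_keypair(127, 521)     # maker:   KPUm  / KPRm
N_K, D_K = toy_keypair(89, 107)      # master:  KPUk  / KPRk

def H(di, dp, dc, dk):
    """One-way function over DI; DP; DC; DK (SHA-256, length-prefixed fields)."""
    h = hashlib.sha256()
    dk_bytes = dk.to_bytes((dk.bit_length() + 7) // 8 or 1, "big")
    for field in (di, dp, dc, dk_bytes):
        h.update(len(field).to_bytes(4, "big") + field)
    return int.from_bytes(h.digest(), "big")

def make_song(di, dp, dc, kco):
    """Maker side. DC is opaque here: content encryption itself is not modelled."""
    dk = pow(kco, E, N_K)                  # S4: DK = KPUk(Kco)
    ds = pow(H(di, dp, dc, dk), D_M, N_M)  # S5: DS = KPRm(H(DI; DP; DC; DK))
    dv = (N_M, pow(N_M, D_CE, N_CE))       # S6: DV = (KPUm, KPRce(KPUm)), issued by the center
    return {"DI": di, "DP": dp, "DC": dc, "DK": dk, "DS": ds, "DV": dv}

class Reset(Exception):
    """Stands in for CPU reset unit 35 cancelling reproduction (step S14)."""

def lsi_recover_kco(song):
    """Signature verification unit 34: Kco is released only after every check."""
    if song.get("DS") is None or song.get("DV") is None:        # S13
        raise Reset("signature or certificate missing")
    kpum, cert = song["DV"]
    if pow(cert, E, N_CE) != kpum:                              # S15, S16
        raise Reset("certificate invalid")
    digest = H(song["DI"], song["DP"], song["DC"], song["DK"])  # S18
    if pow(song["DS"], E, kpum) != digest:                      # S17, S19
        raise Reset("signature invalid")
    return pow(song["DK"], D_K, N_K)                            # S20

def outcome(song):
    """Return the recovered Kco, or the reason the device was reset."""
    try:
        return lsi_recover_kco(song)
    except Reset as reason:
        return str(reason)

if __name__ == "__main__":
    kco = secrets.randbits(128)  # S1: per-song random content key
    # Constructed sample record; field contents are placeholders.
    song = make_song(b"song-001", b"plain intro", b"opaque ciphertext", kco)
    print(outcome(song) == kco)                          # untouched record
    print(outcome(dict(song, DC=b"altered")))            # edited content
    print(outcome(dict(song, DK=pow(42, E, N_K))))       # substituted key
    print(outcome(dict(song, DV=(N_K, song["DV"][1]))))  # swapped KPUm
    print(outcome(dict(song, DS=None)))                  # stripped signature
```

The patent's "encrypting with a private key" is unpadded RSA signing as modelled here; a present-day implementation would use a standard padded signature scheme such as RSASSA-PSS.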

[0067] 

With such a configuration, digital content is encrypted and distributed, and can be 
reproduced only with a device that has a specialized LSI, so unauthorized copying of the digital 
content can be prevented. In addition, it is possible for essentially anyone to manufacture/sell 
products that conform to the common encrypted file format just by registering at management 
center 11. Additionally, the encryption keys differ by content units, so even if some of the
encryption keys are broken, the other keys are valid, and a thing itself [sic; situation] where the 
content of the entire recording medium will be pirated can be avoided. 

[0068] 

In addition, a part of the data recorded on recording medium 21 is recorded with plain
text, so a part of the music can be heard, for example, the intro can be verified. Note that the data 
recorded with plain text are not limited to the beginning portion of the individual songs, but 
could also be multiple locations within each song, popular locations, etc. In addition, some of the 
songs could be completely recorded with plain text, and the other songs could be completely 
encrypted. 

[0069] 

Note that management center 11 is required for this distribution system, and it is
preferable that businesses, semi-public institutions and public institutions that are conversant in
encryption technology, and that are highly reliable and trustworthy, realize the functions of
management center 11.

[0070] 

Second embodiment 

With the first embodiment, a public key encryption scheme (scheme using a pair of a 
private key and a public key) was used, but a secret key encryption scheme (common key 
scheme) can also be used. A distribution system in which a secret key encryption scheme is used 
will be explained below. 

[0071] 

The configuration and operation of the content distribution system in this embodiment are 
basically the same as the configuration and operation of the distribution system in the first 
embodiment shown in Figure 1, and in the explanation below, only the distinctive portions will
be explained. 

[0072] 

First, management center 11 sets the encrypted file format according to a request by
content maker 13 and also generates master key Kk for encrypting the encryption key according
to the content. Here, content maker 13 is not notified of master key Kk, which is managed by
management center 11.

[0073]

Content maker 13 generates random numbers, generates encryption key (content key) 
Kco for each content [unit], and encrypts each content [unit]. Content maker 13 sends the 
generated content key Kco to management center 11. Management center 11 encrypts the content
key Kco that was sent with master key Kk and sends encrypted master key Kk (Kco) to content
maker 13. 

[0074] 

Management center 11 also sends data corresponding to certificate DV to content
maker 13. The content maker generates data for 1 song by combining identification code DI,
plain text data DP, encrypted data DC, content key DK encrypted with master key Kk (= Kk
(Kco)), content maker signature DS, and certificate DV, identical to the configuration shown in
Figure 2, and additionally combines N songs' worth of this, adds control codes to generate data
for 1 recording medium 25, and saves on recording medium 21.

[0075] 

LSI maker 15 receives master key Kk and center public key KPUce for signatures from 
management center 11 and saves them in storage unit 37, which is sold.

[0076] 

When content recorded on recording medium 21 that is manufactured in this way is 
reproduced, certificate DV is authenticated using center public key KPUce for signatures stored 
in storage unit 37, and signature DS of content maker 13 is authenticated using content maker 
public key KPUm included in certificate DV, in the same way as in the first embodiment. 

[0077] 

If as a result of authentication, it is determined that certificate DV and signature DS are 
valid, encrypted K [sic] content key DK (= Kk (Kco)) is decoded using master key Kk stored in 
storage unit 37 to obtain content key Kco, and the content is decoded thereafter using content 
key Kco. 

[0078] 

With such a configuration, digital content can be encrypted and distributed with a simpler 
procedure, costs can be held down, and the time required for decoding when reproducing can be 
shortened, in comparison with the first embodiment. 

[0079]

Application examples of the embodiments 

With the first and second embodiments above, a part of the data for each song is recorded 
on recording medium 21 with plain text, and the remaining portion is encrypted, but all of the 
songs could also be encrypted and recorded. 

[0080] 

In addition, with the first embodiment above, signature DS of content maker 13 and
certificate DV for management center 11 are added to each song, but these data need not be
added. In this case, content key Kco is decoded and the music data are decoded and reproduced 
using decoded content key Kco without authenticating signature DS and certificate DV. 

[0081] 

With the embodiments above, decoding LSI 31 was manufactured to decode the content,
but the manufacture of said LSI is not necessarily required. For example, software for decoding 
could be incorporated into the reproducing device. In this case, center public key KPUce for 
signatures for signature authentication and master private key KPRk (or master key Kk) are 
included in the software. With such a scheme as well, digital content can be encrypted and 
securely distributed, and valid rights holders can reproduce it. 

[0082] 

With the configuration above, a controller (LSI) was installed for recording medium 21, 
but, for example, an LSI for control could be installed on recording medium 21, data for 
verification could be saved on recording medium 21, and verification processing could be carried 
out between the controller and decoding LSI 31. When verification is not possible with this
verification processing, CPU 45 is reset and reproduction is prohibited, as in the case when a 
digital signature cannot be verified. 

[0083] 

The number of times recording medium 21 is copied could also be restricted. In this case,
a region to record the number of copies is placed on recording medium 21, and the number of
copies is updated each time copying is performed.

[0084]

This invention is not limited to cases where music data are encrypted and distributed and 
is effective for distribution of any digital content, such as images. For example, images to be 
printed (portrait frame images, for example) could be saved on a recording medium and 
distributed, and the recording medium could be mounted in a printer or the like and reproduced 
with a decoding LSI, and printing could be accomplished in combination with the images to be 
printed. 

[0085] 

Effect of the invention 

As explained above, with this invention, unauthorized copying, etc. of any digital content 
can be prevented, and appropriate distribution of digital content is enabled. 

Brief description of the figures 

Figure 1 is a block diagram showing the basic configuration of a digital content 
distribution system pertaining to one embodiment of this invention. 

Figure 2 is a figure for explaining the encryption keys used with the distribution system 
shown in Figure 1.

Figure 3 is a figure for explaining the format of a recording medium commercially
distributed with the distribution system shown in Figure 1.

Figure 4 is a block diagram showing the configuration of the decoding LSI and a
commercially distributed reproducing device (audio device), with the distribution system shown
in Figure 1.

Figure 5 is a flow chart for explaining processing to record the digital content on the 
recording medium. 

Figure 6 is a flow chart for explaining processing to reproduce the digital content 
recorded on the recording medium. 

Explanation of symbols 